Bug#327029: Non-functional with read-only /dev

2005-09-07 Thread Elliott Mitchell 
Package: syslog-ng
Version: 1.6.5-2.2
Severity: important

If /dev is read-only, syslog-ng will give the error message
syslog-ngio.c: bind_unix_socket(): bind failed /dev/log (Address already
in use). The relevant section from `ltrace -LSf`:

-8---8-
664 SYS_pipe(0x584649b8, 0x8069858, 0, 0x805814f, 0) = 0
664 SYS_fork()   = 12105
664 SYS_close(4 unfinished ...
12105 SYS_close(3 unfinished ...
664 ... SYS_close resumed )= 0
12105 ... SYS_close resumed )  = 0
664 SYS_read(3,  unfinished ...
12105 SYS_open(/var/run/syslog-ng.pid, 833, 0600) = 3
12105 SYS_getpid()   = 12105
12105 SYS_write(3, 12105\n, 6) = 6
12105 SYS_close(3)   = 0
12105 SYS_socketcall(1, 0x58464920, 0, 0x806ee50, 0x806ee50) = 3
12105 SYS_fcntl64(3, 3, 0x806ee50, 0x806ee50, 0x2662f880) = 2
12105 SYS_fcntl64(3, 4, 2050, 2050, 0x2662f880)  = 0
12105 SYS_fcntl64(3, 2, 1, 1, 0x2662f880)= 0
12105 SYS_stat64(0x58464892, 0x5846475c, 0x2662f880, 0x58464890, 0x5846475c) = 0
12105 SYS_unlink(0x58464892, 0x58464830, 0x806ee50, 0x58464890, 0x58464892) = 
-30
12105 SYS_socketcall(2, 0x58464810, 0x2662fc40, 0x58464890, 0x58464892) = -98
12105 SYS_write(2, io.c: bind_unix_socket(): bind f..., 72) = 72
12105 SYS_close(3)   = 0
12105 SYS_write(2, Error initializing configuration..., 43) = 43
12105 SYS_write(4, \001, 1)= 1
12105 SYS_close(4)   = 0
664 ... SYS_read resumed \001, 1)= 1
12105 SYS_exit_group(2)  = void
12105 SYS_exit(2 unfinished ...
664 SYS_exit_group(1)= void
664 SYS_exit(1 unfinished ...
12105 +++ exited (status 2) +++
664 +++ exited (status 1) +++
-8---8-

The important lines are the SYS_unlink(...) = -30 and
SYS_socketcall(2, ...) = -98. The first is failing because syslog-ng is
attempting to unlink /dev/log, which fails due to /dev being read-only.
I'm unsure of the SYS_socketcall(), but again traces to a read-only FS.

This should not happen. On recent installations, most often /dev is a
tmpfs and failing that read-write, but it is perfectly legitimate for it
to be read-only.

For people who run into this, this is a very serious bug. I cannot quite
justify a grave severity as too few people have their systems this
tightly locked down.


-- 
(\___(\___(\__  --= 8-) EHM =--  __/)___/)___/)
 \BS (| [EMAIL PROTECTED] PGP 8881EF59 |)   /
  \_CS\   |  _  -O #include stddisclaimer.h O-   _  |   /  _/
\___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#327029: Non-functional with read-only /dev

2005-09-07 Thread SZALAY Attila 
Hi All!


On Wed, 2005-09-07 at 00:02 -0700, Elliott Mitchell wrote:
 
 If /dev is read-only, syslog-ng will give the error message
 syslog-ngio.c: bind_unix_socket(): bind failed /dev/log (Address already
 in use). The relevant section from `ltrace -LSf`:

The problem is, that a sysklogd do just the same. Could you please send
an ltrace of sysklogd in the same situation.

Look at this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84204;archive=yes



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#327029: Non-functional with read-only /dev

2005-09-07 Thread Elliott Mitchell 
From: SZALAY Attila [EMAIL PROTECTED]
 On Wed, 2005-09-07 at 00:02 -0700, Elliott Mitchell wrote:
  
  If /dev is read-only, syslog-ng will give the error message
  syslog-ngio.c: bind_unix_socket(): bind failed /dev/log (Address already
  in use). The relevant section from `ltrace -LSf`:
 
 The problem is, that a sysklogd do just the same. Could you please send
 an ltrace of sysklogd in the same situation.
 
 Look at this:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84204;archive=yes

Hmm. Sounds very familiar.

After much research...

I thought there was a way to reuse sockets without having to unlink() the
old one. Looks like I was wrong. The observation that SO_REUSEADDR should
work for AF_UNIX sockets seems to be shown again.  :-(

Looks like sysklogd indeed likely fail to setup the socket, and as Bernd
Eckenfels observed simply continues doing the rest of its job. This means
in their default configuration running syslog-ng/sysklogd *requires* /dev
to be writable. I believe this qualifies as a policy (possibly FHS?)
violation. Seems that /dev/log should be a symbolic link to a socket in
/var/run, which *will* be writable. This then becomes an error with the
default configuration.


-- 
(\___(\___(\__  --= 8-) EHM =--  __/)___/)___/)
 \BS (| [EMAIL PROTECTED] PGP 8881EF59 |)   /
  \_CS\   |  _  -O #include stddisclaimer.h O-   _  |   /  _/
\___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]